[August 2017] Have you begun hearing rumblings about GDPR? If so, it’s for good reason. GDPR, which stands for General Data Protection Regulation, is a new law going into effect throughout all countries in Europe on May 25, 2018. To become compliant with this law (and avoid large fines), companies must ready themselves.
In comparison to the current 95/96/EC Directive, GDPR will be a required law and will put a much larger emphasis on individual rights.
GDPR affects every entity that holds or uses European personal data, regardless of where that entity operates. Company data processors and data controllers will be held directly responsible for complying with the law going into effect. The law will enforce the privacy of any data unique to an individual that discloses their identity, such as full name, home address, credit card numbers, birthdates, photos, email addresses, social media posts, metadata and IP addresses. This also extends to sensitive information, including genetic and biometric data.
Fines for non-compliance are broken down into two tiers. Tier 1 affects those companies that can’t provide adequate security, have not appointed a data processor or have not established a data processor agreement. This can result in a fine of 2 percent of the company’s annual turnover or €10 million, whichever is higher. Tier 2 fines are imposed if data subjects’ rights have been infringed, for non-compliant data transfers or for breaching the main principles for processing. This amounts to 4 percent of the company’s annual turnover or €20 million, whichever is higher.
Is your company ready for GDPR? CuroGens can skillfully assess GDPR readiness, using a toolset Microsoft has made available to its network of partners. For more information, contact us at firstname.lastname@example.org. For more information about GDPR, visit www.eugdprcompliant.com.